Vulnerability

CVE-2016-1000344

 Report advisory or correction

CVSS Score 7.4 high

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-310

References

https://github.com/bcgit/bc-java
https://www.bouncycastle.org/releasenotes.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000344

[CVE-2016-1000344] CWE-310

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:
  • Detailed deviations
  • References
  • Custom Descriptions [Coming Soon]
Sign Up
See org.bouncycastle/bcprov-jdk15on package information